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Abstract 

Complex hybrid systems are present in a large range of 
engineering applications, like mechanical systems, elec- 
trical circuits, or embedded computation systems. The 
behavior of these systems is made up of continuous and 
discrete event dynamics that increase the difficulties for 
accurate and timely online fault diagnosis. The Hybrid 
Diagnosis Engine (HyDE) offers flexibility to the diagno- 
sis application designer to choose the modeling paradigm 
and the reasoning algorithms. The HyDE architecture 
supports the use of multiple modeling paradigms at the 
component and system level. However, HyDE faces some 
problems regarding performance in terms of complexity 
and time. Our focus in this paper is on developing effi- 
cient model-based methodologies for online fault diagno- 
sis in complex hybrid systems. To do this, we propose a 
diagnosis framework where structural model decomposi- 
tion is integrated within the HyDE diagnosis framework 
to reduce the computational complexity associated with 
the fault diagnosis of hybrid systems. As a case study, 
we apply our approach to a diagnostic testbed, the Ad- 
vanced Diagnostics and Prognostics Testbed (ADAPT), 
using real data. 

1. Introduction 

Nowadays, complex hybrid systems are present in many 
engineering applications, from electrical circuits to em- 
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bedded computation systems. Their behavior is made 
up of continuous and discrete event dynamics, making 
more difficult accurate and timely online fault diagno- 
sis. Our focus in this paper is on developing efficient 
model-based methodologies for online fault diagnosis in 
complex hybrid systems. Hybrid systems modeling and 
diagnosis have been approached by the DX community, 
and several proposals have been made based on hybrid 
modeling (Mosterman & Biswas, 1999), hybrid state esti- 
mation (Hofbaur & Williams, 2004), or a combination of 
on-line state tracking and residual evaluation (Benazera 
& Trave-Massuyes, 2009; Bayoudh et al., 2008). In all 
cases, the solution requires to somehow model and even- 
tually fully or approximately estimate the set of possi- 
ble states, and to diagnose the current set of consistent 
modes. A major restriction, however, is that each tech- 
nique uses its own modeling paradigm and the reasoning 
algorithms implement a single strategy, therefore, do not 
facilitate the generation of flexible, integrated, reasoning 
solutions by the inclusion of additional diagnosis strate- 
gies, thus restricting the diagnostic capabilities of the 
hybrid diagnoser. 

In (Narasimhan & Brownston, 2007), the authors pro- 
posed a general framework for stochastic and hybrid 
model-based diagnosis called Hybrid Diagnosis Engine 
(HyDE). HyDE offers flexibility to the diagnosis appli- 
cation designer to choose the modeling paradigm and the 
reasoning algorithms. The HyDE architecture supports 
the use of multiple modeling paradigms at the compo- 
nent and system level. Several alternative algorithms 
are available for the various steps in diagnostic reason- 
ing. This approach is extensible, with support for the 
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addition of new modeling paradigms as well as diagnos- 
tic reasoning algorithms for existing or new modeling 
paradigms. However, HyDE faces some problems regard- 
ing performance in terms of time complexity. 

Recently, we have proposed to use structural model de- 
composition for efficient fault diagnosis and prognosis 
in continuous systems (Bregon, Biswas, & Pulido, 2012; 
Daigle et al., 2011, 2012). In (Roychoudhury et al., 
2013), we generalized those ideas and proposed a com- 
mon model decomposition framework, where we solve 
the model decomposition problems for three separate 
system health management tasks, namely, estimation 
(used for residual generation, that is usually required for 
fault detection and fault identification), fault isolation, 
and prediction (used for fault prognostics). The basic 
idea of the approach is to partition the global system 
model into submodels based on the set of measurements 
such that each submodel can estimate at least one mea- 
sured variable. This way, we will have submodels with 
diagnostic capability that are smaller than the global 
system model, leading to efficiency improvements and 
potential for parallel computation. 

In this paper, we integrate structural model decomposi- 
tion as in (Roychoudhury et al., 2013) within the HyDE 
diagnosis framework to reduce the computational com- 
plexity associated with the fault diagnosis of hybrid sys- 
tems. This work contributes in two different aspects. 
First, we propose an online diagnosis approach for hy- 
brid systems where the HyDE model is partitioned into 
submodels. Then, the global diagnosis result is provided 
by the combination of the local diagnosis results corre- 
sponding to the submodels. Second, we apply our ap- 
proach to a real system, the Advanced Diagnostics and 
Prognostics Testbed (ADAPT) with satisfactory results. 

The rest of the paper is organized as follows. Section 2 
presents the HyDE diagnosis framework. Section 3 dis- 
cusses the basic ideas of structural model decomposition. 
Section 4 proposes an integrated framework where struc- 
tural model decomposition is used to reduce HyDE’s 
computational burden. Section 5 shows results for the 
case study. Section 6 reviews the related work and cur- 
rent approaches for hybrid systems fault diagnosis and 
structural model decomposition. Finally, Section 7 con- 
cludes the paper. 

2. HyDE 

HyDE (Hybrid Diagnosis Engine) (Narasimhan & 
Brownston, 2007) combines ideas from consistency- 
based, control-theory-based and stochastic diagnosis ap- 
proaches to provide a general, flexible and extensible ar- 
chitecture for stochastic and hybrid diagnosis. HyDE 
supports the use of multiple modeling paradigms and is 


extensible to support new paradigms. HyDE also offers 
a library of algorithms to be used in the various steps 
of the diagnostic reasoning process. The key features of 
HyDE are: 

• Diagnosis of multiple discrete faults. 

• Support for hybrid models, including autonomous 
and commanded discrete switching. 

• Support for stochastic models and stochastic reason- 
ing. 

• Capability for handling time delay in the propaga- 
tion of fault effects. 

Next we present the HyDE modeling approach and rea- 
soning procedure. 

2.1. HyDE Models 

HyDE models have two parts, the transition model and 
the behavior model. The transition model describes 
the components that make up the system, the various 
operating modes of the system (including faulty ones), 
and the conditions for transitions between the operating 
modes. The behavior model specifies the behavior evo- 
lution and has three parts: the propagation model, inte- 
gration model, and dependency model. The information 
in the propagation model allows the estimation of un- 
known variable values from known variable values. The 
dependency model captures information about the de- 
pendencies between variables, models, and components. 
The integration model describes how the variables’ val- 
ues are propagated across time steps. HyDE supports 
the representation of each of the behavior models in more 
than one paradigm. 

2.2. HyDE Reasoning 

HyDE reasoning is the maintenance of a set C of 
weighted candidates (c,,w,). HyDE reasoning is the 
maintenance of a set of weighted candidates. A can- 
didate represents the hypothesized trajectory of the sys- 
tem inferred from the transition and behavior models, 
knowledge of the initial operating modes of all compo- 
nents and initial values of all variables, and the sensor 
observations reported to HyDE. The candidates’ weights 
are a way of ranking them and depend on several factors, 
including prior probabilities of transitions and the degree 
of fit between model predictions and observations. Al- 
though weights are in the range [0, 1], weight is not a 
probability measure. 

Each candidate contains a possible trajectory of system 
behavior evolution represented in the form of a hybrid 
state history and transition history. The hybrid state is a 
snapshot of the entire system state at any single instant. 
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It associates all components with their current operating 
inodes and all variables with their current values. Appli- 
cations run HyDE at discrete time steps, typically but 
not necessarily when observations are available. Time 
steps need not be periodic. For each time step that 
HyDE reasons about, a candidate contains two hybrid 
states, one at the beginning of the time step and one at 
the end, as well as the set of transitions taken by the 
system between the previous and current time steps. 

At time step 0 the candidate set is initialized with can- 
didate^) derived from the initial hybrid state of the sys- 
tem. Once the initial candidate set has been created, 
HyDE’s reasoning process uses the same sequence of op- 
erations for each time step. The reasoning process can be 
divided into three categories of operations (Narasimhan 
& Brownston, 2007): 

1. Candidate Set Management maintains the candidate 
set. The operations include updating the weights of 
all candidates, pruning candidates that do not sat- 
isfy minimum weight requirements, adding new can- 
didates (the next best ones from the candidate gen- 
erator) when necessary, and optionally re-sampling 
or normalizing the distribution of weights. 

2. Candidate Testing deals with operations on a single 
candidate. The operations include determining the 
occurrence of any transitions, estimating the hybrid 
states at the beginning and end of a time step, com- 
paring against observations to update weight of the 
candidate as well as reporting inconsistencies. 

3. Candidate Generation creates candidate generators 
from inconsistencies reported by Candidate Test- 
ing and supplies the next-best potential (untested) 
candidate to Candidate Set Management when re- 
quested. This is achieved using a conflict directed 
search. First reported inconsistencies are used to 
generate conflicts, i.e. , the subset of operating modes 
that cannot all be true at the same time. The con- 
flicts are then used to guide a search for new candi- 
dates by optimizing some candidate property (typi- 
cally weight or size). 

As we have mentioned, the size of the system model 
(HyDE uses the global model) directly affects the com- 
putational complexity for each one of the steps in the 
reasoning process. Our proposal on this work is to use 
structural model decomposition to divide the global sys- 
tem model into minimal submodels such the complexity 
in the reasoning process is reduced. Next section de- 
scribes our structural model decomposition approach to 
compute minimal submodels. Then, in Section 4 we will 
show in detail how these minimal submodels are inte- 
grated within the HyDE framework. 


Qin 



Figure 1. Schematic of three-tank system. 


3. Structural Model Decomposition 

In this section, we briefly present our structural model 
decomposition framework (Roychoudhury et ah, 2013). 
We begin with the definition of a model. 

Definition 1 (Model). A model At is a tuple M. = 
(H, C), where V is a set of variables, and C is set of 
constraints. V consists of five disjoint sets, namely, the 
set of state variables, X; the set of parameters, 0; the 
set of inputs, U ; the set of outputs, Y ; and the set of 
auxiliary variables, A. Each constraint c = (e c , V c ) € C 
consists of an equation e c involving variables V c 6 V. 

Input variables u € U are known or measured; and the 
output variables y € Y correspond to (measured) sen- 
sor signals. Parameters 6 £ 0 include explicit model 
parameters that are used in the model constraints. 0 
does not need to include all parameters in the equations, 
only those that must be included explicitly (e.g., for joint 
state-parameter estimation or fault isolation). These pa- 
rameters, by definition, are not computed in terms of 
any other variables, and, in this way, appear as inputs. 
Since the state variables X are, by definition, enough to 
describe the future behavior of the system, the auxiliary 
variables a € A are not strictly needed, however, they 
make the model easier to parse, develop, and implement. 

As shown in Defn. 1, a constraint c = (e c , V c ) includes 
an equation e c over the set of variables V c . Note that 
c does not impose any computational causality on the 
variables V c , i.e., although e c captures the information 
about how to compute a variable v € V c in terms of 
all other variables in V c , the constraint does not specify 
which v € V c is the dependent variable in equation s c . 
We write a constraint ci = (e Cl , V Cl ) by its equation, 
e.g., as follows: 

a + b = c + d (ci) 

where V Cl = {a, b, c, d}. 

Example 1. Fig. 1 shows the schematic of a three-tank 
system. For tank i S {1,2, 3}, p* denotes the pressure at 
the bottom of the tank, hi denotes the fluid height in the 
tank, and Qi denotes the volumetric flow rate out of the 
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outflow pipe. For adjacent tanks i and j, Qij denotes the 
flow rate in the connecting pipe, and Qi n is the inflow 
into tank 1. We model the three-tank system with the 
following constraints: 
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Q 12 
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where for tank i, Ai denotes the tank cross-sectional 
area, Ki denotes the capacitance, Ri denotes the re- 
sistance of the outflow pipe, and for tanks i and j, 
Rij denotes the flow resistance of the pipe between the 
tanks. Here X = {p!,p 2: p 3 }, 0 = 0, f7 = {Q ir J, 
Y = {hl.Q^Ql} 1 , and A = {pi,p 2 ,p 3 j. 

In order to define for a constraint c which variable v £ V c 
is the dependent variable that is computed by the others 
using the constraint, we require the notion of a causal 
assignment. 

Definition 2 (Causal Assignment). A causal assign- 
ment a to a constraint c = (e c , V c ) is a tuple a = 
(c,v° ut ), where v° ut £ V c is assigned as the dependent 
variable in equation e c . 

Unlike a constraint, a causal assignment defines a com- 
putational causality (or computational direction) to a 
particular variable v° ut £ V c in the constraint in which 
it can be computed in terms of all other variables in V c . 
We write a causal assignment of a constraint using the 
constraint’s equation in a causal form. For example, for 
constraint Ci above choosing = d: 


d := a + b — c 




where Constraint c\ is rewritten with a := symbol to 
explicitly denote that the direction of computation is 

name output variables with an asterisk so as to not confuse 
the measured variables from unmeasured versions of them that 
may be used as state or auxiliary variables. 


from variables a, b , and c to d. 

We say that a set of causal assignments A, for a model 
AI is valid if 


• For all v £ U U 0, A does not contain any a such that 
a = (c,v), i.e. , U and 0 are not computed in terms of 
any other variables. 

• For all v £ Y, A does not contain any a = (c,v° ut ) 
where v £ V c — {v° ut }, i.e., no variable is computed in 
terms of any y £ Y. 

• For all v £ V—U—Q, A contains exactly one a = (c, v), 
i.e., other than the variables in U and 0, every variable 
must have exactly one constraint to compute it. 

A causal model is a model extended with a valid set of 
causal assignments. 

Definition 3 (Causal Model). Given a model A4* = 
(U, C), a causal model for AI* is a tuple M. = (U, C, Al), 
where A is a set of valid causal assignments. 

Example 2. The causal assignments for the three-tank 
model introduced in Example 1 are as follows: 
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Here, we assume integral causality, i.e., state variables 
are computed via integration. 


For the purposes of visualizing a causal model, we rep- 
resent M using a directed graph Q = (V,£), where V 
is the set of vertices corresponding directly to the vari- 
ables V in At, and £ is the set of edges, where for ev- 
ery (c,v° ut ) £ A, we include an edge {v' ,v° ut ) for each 
v' £ V c - {v° c ut }. 

Example 3. Fig. 2 shows the causal graph for the three- 
tank system of Example 1 with Y = {h{, Q* 2 , Ql}- State 
variables are denoted using dashed boxes, output vari- 
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Figure 2. Causal graph of three tank system with Y = 

{hl,Q* 12 ,Q* 3 }. 

ables are denoted using solid-lined boxes, and input vari- 
ables are denoted using dashed circles. 

Given a model, we are interested in generating submod- 
els that allow for the computation of a given set of vari- 
ables using only local inputs. Given a definition of the 
local inputs (in general, selected from V) and the set of 
variables we wish to be computed by the submodel (se- 
lected from V — U — 0) , we create from a causal model 
M a causal submodel Mi- We obtain a submodel in 
which only a subset of the variables in V are computed 
using only a subset of the constraints in C. In this 
way, each submodel computes its variable values inde- 
pendently from all other submodels. A submodel can be 
defined as follows. 

Definition 4 (Causal Submodel). A causal submodel 
Mi of a causal model M = (V, (7, A) is a tuple Mi = 
( Vi,Ci,Ai ), where V) C V. C\ C C, and Ai is a set of 
(valid) causal assignments for Mi- 

Note that, in general, A, is not a subset of A, because 
since we allow to select local inputs from Y , these vari- 
ables become local inputs, i.e. , appear in [/,, and the 
causal assignment in A that computes these variables is 
changed to a form where some other variable in the cor- 
responding constraint is selected as the dependent vari- 
able. As a result, these causal assignments will be dif- 
ferent, but the rest of the causal assignments in Ai will 
still be found in A. 

The procedure for generating a submodel from a causal 
model is given as Algorithm 1 (Roychoudhury et al., 
2013). Given a causal model M, a set of variables 
U* D U that includes the input variables in M as well as 
some other variables previously not in U that are consid- 
ered as local inputs, and a set of variables to be computed 
V* 1 and a preferences list, P (explained below), the Gen- 
erateSubmodel algorithm derives a causal submodel Mi 
that computes V* using a subset of U*. 

In Algorithm 1, the queue, variables , represents the set 
of variables that have been added to the submodel but 
have not yet been resolved, i.e., they cannot yet be com- 
puted by the submodel. This queue is initialized to V * , 
the set of variables that must be computed by the sub- 
model. The algorithm then loops until this queue has 


Algorithm 1 Mi = GenerateSubmodel(AF, U* , V*, P) 

1: Vi <- V* 

2: Ci 4- 0 
3: A 4- 0 
4: variables 4— V* 

5: while variables ^ 0 do 
6: v <— pop (variables) 

7: c 4— GetBestConstraint)'!;, Vi, U* , A, P) 

8: Ci 4 — Ci U {cl 

9: Ai 4— Ai U {(c, t)} 

10: for all v' £ V c do 

11: if v' Vi and v' (f: 0 and v' U* then 

12: variables 4— variables U {«'} 

13: end if 

14: Vi 4- Vi U {v'} 

15: end for 

16: end while 
17: Mi 4- (Vi,Ci,Ai) 


been emptied, i.e., the submodel can compute all vari- 
ables in V* using only variables in U*. Within the loop, 
the next variable v is popped off the queue. We then de- 
termine the best constraint to use to resolve this variable 
with the GetBestConstraint subroutine (Subroutine 2). 
We add the constraint to the submodel and the causal 
assignment for the constraint in the form that computes 
v. We then need to resolve all the variables being used to 
compute v, i.e., all its predecessors in the causal graph. 
Each of these variables that have not already been vis- 
ited (not already in V)), are not parameters (not in 0), 
and are not local inputs (not in U*) must be resolved 
and so are added to the queue. Then the variables are 
added to the submodel and the loop continues until the 
queue is emptied. 

The goal of the GetBestConstraint subroutine is to 
find the best constraint to resolve v. The subroutine 
constructs a set C that is the set of constraints that 
can completely resolve the variable, i.e., resolves v with- 
out further backward propagation (all other variables in- 
volved in the constraint are in V) U 0 U U*), and then 
chooses the best according to a preferences list P. If 
no such constraint exists, then the constraint that com- 
putes v in the current causal assignment is chosen, and 
further backward propagation will be necessary. Here, 
we are preferring minimal resolutions of v, i.e., those 
that do not require backward propagation, because then 
the submodel will be minimal in the number of variables 
and constraints needed to compute V* . 

In general, a variable v is involved in many constraints, 
however, exactly one of these constraints, in the given 
causal assignment, computes v. If this constraint does 
not completely resolve v, we find the constraints in which 
v is used to compute some output variable y € Y D U* . 
We consider modifying the causal assignment so that 
such a y (used now as an input) is used to compute v, 
instead of v being used to compute y. This can only 
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Subroutine 2 c = GetBestConstraint(u, Vi, U*, A, P) 

1: C < — 0 

2: c v 4— find c where (c, v) £ A 
3: if (F c „ -v)CViUU* then 
4: C<— CU{c„} 

5: end if 

6: for all y 6 Y fl U* do 

7: c y 4— find c where (c, y) € A 

8: if v € Vcy and (V Cy —v)CViUU* then 

9: C<-CU{C;,} 

10: end if 

11: end for 

12: if C = 0 then 

13: C 4 — Cv 

14: else if c v £ C then 

15: C 4— C v 

16: else 

17: C' 

18: for all ci, C 2 £ C where ci ^ C 2 do 

19: 2/1 4— find y where (ci,2/i) £ A 

20: 2/2 4— find y where ( 02 , 2 / 2 ) £ A 

21: if ( 2/1 < 2 / 2 ) £ P then 

22: C" 4- C" - {ci} 

23: end if 

24: end for 

25: C 4— f irst(C' , ) 

26: end if 


be performed if, for the causal assignment in which y 
is being used to compute v, all other variables involved 
in the constraint are in bjU0U(7*, in which case this 
constraint in this new causal assignment can completely 
resolve v. If no constraint can be found that completely 
resolves v, then the constraint that in the current causal 
assignment computes v will have to be used, and back- 
ward propagation will be necessary. Otherwise, we select 
the most preferable constraint that completely resolves 
v. Preference among constraints (in which an output 
would be transformed to an input) is computed using 
a preferences list P, that contains a partial ordering of 
all the outputs in the model of the form /// < yj , mean- 
ing that yj is preferred over y, . The subroutine goes 
through every pair of constraints and removes from the 
list of most preferable constraints, C', any constraint 
that uses a measured variable that is less preferable to 
one involved in another constraint. Of those remaining, 
an arbitrary choice is made. The preferences list can be 
used to prefer measured variables with less noise over 
those with more noise. 

Example 4. For the three-tank model (Fig. 2), say that 
we select U* = {Qi n , h\, Ql 2 } and V* = {Q3}, and 
P = {(Q12 < Algorithm 1 starts with V) = Q 3 , 

and propagates back to pg : and adds it to V). From pg 
it propagates back to p 3 , adding it to V). Of the prede- 
cessors of P3, p 3 is already in Vi, so is not added to the 
variables queue, and P2 is not, so the algorithm propa- 
gates back to P2, adding it to V). At this point, there are 
two constraints to consider to possibly compute p2- (i) 
the constraint C3 with causal assignment ag that com- 



Figure 3. Causal graph for the minimal submodel of the 
three-tank system computed when U* = {Qi n , hi, 

V* ={Q* 3 } and P = {(Q* 12 < h})}. 


putes P2 from j>2, or (ii) the constraint eg with causal 
assignment 0:9, set to have the new causal assignment 

P2 '■= Pi ^ Q 12 ' R12, ( a ll) 

that computes P2 from pi and Ql 2 - In an, p\ is re- 
quired but is not yet included in V), so this constraint 
cannot completely resolve P2 and we default to using 
causal assignment 03, propagating back to P2 and from 
there to p\ (j>2 and p 3 are already in Vi). Now, at p±, 
we have three constraints to consider that may resolve 
Pi'. ( i ) the constraint C2 with causal assignment a2 that 
computes pi from pi, (ii) the constraint eg with causal 
assignment ag, set to have the new causal assignment 


Pi P2 + Q 12 ‘ R12 (042) 


that computes p\ from Ql 2 and P2, and (in) the con- 
straint eg with causal assignment as, set to have the 
new causal assignment 


Pi ■■= 


K -A, 

Ki 


(043) 


that computes p\ from h}. Since the preferences list P 
prefers h * over Ql 2 , the algorithm chooses to compute p\ 
using causal assignment ai3. The graph for the resultant 
submodel is shown in Fig. 3. 


In the following sections, we show how this model decom- 
position approach can be integrated within the HyDE 
diagnosis framework to reduce the computational com- 
plexity associated with the diagnosis of faults in hybrid 
systems. 


4. Integration Proposal 

The three main steps in the reasoning process of HyDE 
are simulation, comparison and candidate generation. 
These steps are performed for each currently consistent 
candidate in the candidate set. In this section, we show 
how the inclusion of structural model decomposition af- 
fects each one of these steps, thus proposing a framework 
where decomposed models can be implemented within 
HyDE. 
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In the simulation step, the behavior of the system is sim- 
ulated using the global model of the system. The goal 
of the simulation step is to predict expected values of 
variables in the model that correspond to sensed obser- 
vations. The main problem regarding this simulation 
step in HyDE is related to the time and memory perfor- 
mance of HyDE. Our proposal here is to use structural 
model decomposition so several smaller simulation tasks 
can be run. The advantage of using minimal submod- 
els for simulation is its smaller size when compared to 
the size of the global model. However, as we will explain 
later, computing HyDE models from minimal submodels 
will affect the comparison and the candidate generation 
steps in the reasoning process of HyDE as well. 

In order to implement minimal submodels in HyDE, we 
have to look at the models used by HyDE, which are sim- 
ilar to simulation models. They describe the expected 
behavior of the system under nominal and fault condi- 
tions. The model can be constructed in modular and 
hierarchical fashion by building component subsystem 
models (which may themselves contain component sub- 
system models) and linking them through shared vari- 
ables/parameters. The component model is expressed 
as operating modes of the component and conditions 
for transitions between these various modes. Faults are 
modeled as transitions whose conditions for transitions 
are unknown (and have to be inferred through the rea- 
soning process). Finally, the behavior of the components 
is expressed as a set of variables/parameters and rela- 
tions governing the interaction among them (for exam- 
ple, equations). The relation between HyDE components 
and our structural decomposition framework is summa- 
rized as follows: 

• HyDE model variables are related to variables V in 
our model. 

• The propagation model is specified as constraint 
predicates over model variables. Constraints may 
be Boolean expressions if the variables are Boolean; 
algebraic and ordinary differential equations for 
interval- and real-valued variables, and equality or 
inequality for all variables. These are related to the 
causal assignments, A, in our model description. 

• Candidates Cj in HyDE are related to parameters 9i 
in our model. 

• The integration model in HyDE is related to vari- 
ables X in our model. 

The comparison step then takes the predictions from the 
simulation step and the sensed observations and deter- 
mines if they are consistent with each other or not. This 
step is performed only for those variables specified to 
be output variables (some sensed variables are desig- 
nated inputs and will not be involved in the comparison 


step) . Typically the percentage difference is compared to 
a threshold defined in the noise characteristics for each 
sensor specified when building the HyDE model. When 
HyDE is run without model decomposition only a sub- 
set of the sensed variables (those designated as output) 
are used in comparisons, while with minimal submodels 
all sensed variables will be used in comparisons. How- 
ever this overhead is quite insignificant when compared 
to computational complexity of the simulation and can- 
didate generation steps. 

The third and final step is the candidate generation 
which is typically the most computationally intensive 
step. When the comparison step results in inconsisten- 
cies a best first search is performed over the unknown 
transition space to identify potential candidates. When 
predicted values and sensed observations for a set of vari- 
ables do not match, then all unknown transitions that 
could have influenced those inconsistent variables are 
considered suspects. There are two such flavors of depen- 
dencies. A component may have behavioral constraints 
in the current mode that affect the inconsistent variables 
and unknown transitions take the component to a differ- 
ent mode that influences the inconsistent variables in a 
different way. For this a dependency graph that maps de- 
pendencies between variables of the system through cur- 
rently active behavioral constraints is generated. Back 
propagation through this graph starting from the incon- 
sistent variable, identifies all suspected components. For 
each suspected component, all unknown transitions from 
the current mode of that component are selected as po- 
tential candidates. Among these transitions those that 
lead to component modes that influence the inconsistent 
variable(s) in the same way as the current component 
mode are eliminated. 

The second flavor of influences are from components that 
do not affect the inconsistent variables in the current 
mode but have unknown transitions to modes that do 
influence the inconsistent variables. To identify such 
components a global dependency graph is generated that 
maps all dependencies in all modes of all components. 
Back propagation through this graph would then iden- 
tify additional potential candidates that could possibly 
fix the inconsistencies. 

When HyDE is used without model decomposition then 
the dependency graphs and candidate generation rep- 
resent the entire model resulting in complexity that is 
exponential in the total number of unknown transitions 
that influence in the model. After model decomposition 
the HyDE model is decomposed into independent sub- 
models each of which has its own dependency graph that 
is not connected to the other submodels. As a result, 
the candidate state space is significantly reduced. While 
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this approach works for component faults, sensor faults 
pose a problem when using a decomposed model. Since a 
sensed observation can be used as input in other submod- 
els a sensor fault would result in inconsistent variables 
in all of the submodels involving the sensor as an input 
or an output. In such cases we need a mechanism to 
report a single sensor fault instead of a fault from each 
submodel. 

Such a mechanism is implemented in HyDE by repre- 
senting the sensor as a single component. However inside 
the component there will be a variable for each submodel 
that the sensor appears in. When the sensor is used as an 
observation then its corresponding variable in the HyDE 
model is marked as an output variable, whereas if the 
observation is used as an input in the decomposition the 
corresponding variable is marked as an input variable in 
the HyDE model. The modes of the sensor component 
(that include nominal faulty modes) are shared by all 
of these variables. In other words these variables are 
connected to the rest of the variables in their submodels 
through independent behavioral constraints in the sensor 
component’s modes. This would result in nonconnected 
dependency graphs but referring to shared component 
modes. As a result the back propagation would identify 
the shared component as a suspect. 

Example 5. Consider a sensor component 51 with an 
associated variable vl that appears in two submodels 
Ml and M2. In Ml it appears as an output variable 
vl 0 and in M2 it appears as input variable vl j. Let the 
output variable associated with M2 be v2. When 51 is 
faulty then we will notice an inconsistency in the out- 
put Ml (predicted value for vl 0 would be nominal but 
because of sensor fault observed value for vl 0 will not 
be consistent) as well as M2 (since we will simulate a 
faulty nl value through M2 predicted value for v2 will 
not match the observed value). The dependency graph 
associated with Ml will have edges going back from vl 0 
to other variables represented in relations in Ml. The 
edge to vIq (going back from vl) will be labeled as de- 
pending on 51 being in the nominal node (which is the 
current operating mode of 51). The dependency graph 
for M2 will go backwards from v2 and will ultimately 
reach vli through relations represented in M2. In this 
case the edge out of vl * (going back into vli) would be 
labeled as depending on 51 too. In this case when we 
see vl 0 and v2 inconsistent, 51 will be selected as the 
most likely common explanation (unless there is another 
double fault with one component fault in Ml and an- 
other component fault in M2 that is more probable as 
defined by prior probabilities in the model). This ex- 
ample sensor component is illustrated in Fig. 4. The 
model inside sensor vl is displayed below wl component 
for convenience. In the nominal and faulty modes of op- 
eration, there will be independent constraints relating 


vlpredictedo with nl 0 and vl t with vl pre dictedi- This will 
break the propagation path from Ml at vl 0 and start 
an independent propagation path from vli to M2. 

This approach allows us to gain the benefits of reduced 
computational complexity of the model decomposition 
without adding and additional diagnostic fusion step 
that might have been necessary if each submodel was 
completely independent. 

5. Case Study 

In this section we present our case study, a subset 
of the Advanced Diagnostics and Prognostics Testbed 
(ADAPT) (Poll et al ., 2007), called ADAPT-Lite, which 
is an electrical power distribution system. We first 
briefly present the ADAPT-Lite system and then we 
show results that we obtained by using our integration 
approach. 

5.1. ADAPT-Lite 

A schematic of ADAPT-Lite is given in Fig. 5. Sensors 
prefixed with an “E” are voltage sensors, those with an 
“IT” are current sensors, and those with “ISH” or “ESH” 
are for states of circuit breakers and relays, respectively. 
TE228 is the battery temperature sensor, and ST516 is 
the fan speed sensor. Note that the inverter converts DC 
power to AC, and E265 and IT267 provide rms values 
of the AC waveforms. Here, Vb and is are the battery 
voltage and current, vq is the voltage across Co, v s is 
the voltage across C s , e is the inverter efficiency, Vi nv 
is the inverter voltage on the DC side, R inv is the DC 
resistance of the inverter, Rd c is the DC load resistance, 
Jf an is the fan inertia, and Bf an is a damping param- 
eter. Additional details on ADAPT-Lite may be found 
in (Daigle & Roychoudhury, 2010). 

5.2. Diagnosis Results 

For the case study we used test scenarios generated for 
the Diagnostic Competition 2011 (DXC 2011) (Poll et 
al., 2011). Specifically we used all of the 30 nominal 
scenarios and picked 66 fault scenarios that considered 
only discrete, abrupt and persistent faults. For these 
scenarios we ran the full HyDE model (we will call it 
HyDE) and the decomposed HyDE model (we will call it 
HyDE+PC). We then compared the diagnosis as well as 
the number of candidates that were tested before arriving 
at the diagnosis. For the nominal scenarios both models 
performed about the same with HyDE+PC using less 
computational time. However this time saving was very 
insignificant (order of milliseconds). One of the reasons 
for this is that the full ADAPT model is relatively small 
and behavioral constraint were mostly algebraic. 

Both models were tuned to not generate any false pos- 
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Figure 4. HyDE PC Sensor Model. 
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itives when run on the nominal scenarios. The results 
of running the faulty scenarios are presented in Table 
1. Each row in the table represents a fault in ADAPT. 
Regarding the columns, the first column identifies the 
faulty component and the kind of fault; the second and 
third columns indicate the time of fault injection and 
its magnitude; the fourth (resp. seventh) column shows 
the HyDE (resp. HyDE+PCs) diagnosis result; the fifth 
(resp. eighth) column indicates the number of candidates 
that HyDE (resp. HyDE+PCs) needs to explore imme- 
diately after the fault detection; the sixth (resp. ninth) 
column shows the HyDE (resp. HyDE+PCs) classifi- 
cation errors (either a false positive or a false negative); 
finally, the tenth column shows the difference in the num- 
ber of fault candidates considered for each one of the 
approaches. For an easier evaluation of the results ob- 
tained, Table 2 summarizes these results by giving the 
total number of candidates tried and classification er- 
rors for both of the approaches. Table 2 distinguishes 
between sensor and component faults. 

Since the candidate generation takes a significant 


amount of time (order of seconds) the computational 
time can be considered to be directly proportional to 
the number of candidates tested. From the results we 
can see that there are two main advantages from com- 
bining HyDE with PC’s. 

First we see that the number of errors is reduced from 19 
to 11. The reason for this will be apparent when we see 
how the simulation step is performed in the two cases. 
When only HyDE is used, the full model is simulated 
and any errors introduced because of model approxi- 
mations (parameters in the model are estimated from 
data and are based on the best fit available and hence 
are approximate) get propagated through the model and 
accumulate. As a result at the comparison step some 
variables are incorrectly determined to be inconsistent 
when they are not (false positives). This problem can be 
addressed by increasing the threshold used for compar- 
ison but that would lead to some valid inconsistencies 
to not be detected at all (false negatives). When using 
HyDE+PC this problem is substantially mitigated by 
the fact that simulation results (and any associated er- 
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Table 2. Summary of Diagnosis Results 
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rors) do not get propagated to other submodels (instead 
the actual sensed input values are used). This results in 
more accurate predictions (assuming sensor values used 
as inputs are not too noisy) which leads to better diag- 
nostic accuracy. 

The second advantage is that fewer candidates are tested 
in the candidate generation step. As shown in the re- 
sults, a total of 277 candidates for sensor faults and 44 
candidates for component faults are tested when using 
HyDE. On the other hand, when HyDE+PC is used, 
a total number of 54 candidates are tested for sensor 
faults and 20 for candidate faults. The reason for this 
is that the candidate generation step does not have to 
back propagate past submodel boundaries when using 
HyDE+PC. To understand this further first we look at 
how the unknown transition probabilities are set up. All 
component faults are considered to have the same prob- 
ability and have higher probabilities than sensor faults. 
Among sensor faults (we consider only offset and stuck) 
the offset fault is considered more probable that stuck 
fault. In the full HyDE model when we see some incon- 
sistent variables all components upstream of the sensors 
have to be considered suspect. However in the case of 
HyDE+PC all components upstream of the sensor only 
in that submodel have to be considered suspect. For 
sensor faults we see an even more marked improvement 
in performance because of the special mechanism used 
to represent sensors in HyDE+PC. In this case when we 
see 2 submodels to have inconsistent variables, the first 
explanation is the sensor that appears as output in one 
and input in the other. In the HyDE case all component 
faults upstream have to be considered before the sensor 
fault is considered, resulting in more candidates being 
tested. For HyDE+PC we notice that we always test 1 
(if actual fault is offset) or 2 (if actual fault is stuck then 
offset is tested first and then stuck is selected) candidates 
only. 

As examples we will consider one component fault 
(DC485 Failed) and one sensor fault (IT281 Offset). The 
HyDE and HyDE+PC model fragments containing these 
two components are illustrated in Fig. 6 and Fig. 7. For 
the DC485 Failed scenario using only HyDE we see that 
IT281 and IT240 are inconsistent and HyDE identifies 
EY284, DC485, CB280, EY260, EY244 and CB236 as 
possible suspects (based on the intersection of what is 
upstream of IT240 and IT281). When EY284 is tested 
it is consistent (EY284 and DC485 failures cannot be 
distinguished because they do not have any sensors in 
between them). When using HyDE+PC only IT281 is 
detected to be inconsistent and now only EY284 and 
DC485 are picked as suspects since only those 2 compo- 
nents are present in the submodel that contains IT281 as 
output. In this case also EY284 is tested first and found 


to be consistent (resulting in the same diagnostic error 
due to lack of diagnosability) . 

When we consider the IT281 Offset scenario, HyDE gen- 
erates EY284, DC485, CB280, EY260, EY244, CB236 
and IT281 as suspects. Since component faults have 
higher probability it considers the the 6 component faults 
first but they do not provide consistent predictions. Fi- 
nally IT281 Offset is selected as a candidate which re- 
sults in consistency. When HyDE+PC model is used, 
IT281 and IT240 are found to be inconsistent. In this 
case the only intersection when searching for suspects 
is the IT281 component. Testing the IT281 Offset (be- 
cause it has higher probability than IT281 Stuck) results 
in consistency. 

6. Related work 

Hybrid systems diagnosis has been tackled in different 
ways. Approaches based in a pure DES following the 
proposition by (Sampath et ah, 1995): most of them 
model the system as a set of automata, one for each work- 
ing mode, that tries to track the discrete state, while per- 
forming diagnosis as a state-estimation process (Hofbaur 
& Williams, 2004; Benazera & Trave-Massuyes, 2009). 
Obvious difference and advantage with HyDE is that it 
does not need to pre-enumerate modes because they are 
generated on the fly. Moreover it not required to gener- 
ate, track and confirm any potential new discrete estate 
given the ability to track continuous behavior. 

Decompositional approaches for continuous systems di- 
agnosis -such as PCs (Pulido & Alonso-Gonzalez, 
2004), ARRs (Staroswiecki & Declerck, 1989), 
MSOs (Krysander et al., 2008)-, have been extended 
for hybrid systems following somewhat the proposal 
by (Cocquempot et al., 2004), and their concept of 
parameterized ARRs (Bayoudh et al., 2009; Moya et al., 
2012). The set of ARRs or PCs for any mode must be 
generated off-line, and the active PCs or ARRs must be 
derived on-line. The obvious disadvantage is the need 
to model every potential transition in terms of known 
or estimated system variables. 

There is also the option to combine ARRs and hybrid 
mode tracking as in (Rienm’uller et al., 2013). This 
work combines hybrid estate estimation which is focused 
based on activated or non-activated residuals derived 
from ARRs for the current system. As in previous ap- 
proaches, the set of potential states must be taken into 
account and two different diagnosis processes must be 
done at the same time to avoid tracking multiple dis- 
crete modes. 

To avoid enumeration of potential modes, approaches 
based on Hybrid Bond Graphs, HBGs, adapt the 
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Figure 6. HyDE PC Sensor Model. 



Figure 7. HyDE PC Sensor Model. 


model of the current continuous state by activat- 
ing/deactivating switching junctions in a Bond-Graph 
model, and quickly providing a valid causal assign- 
ment (Narasimhan & Biswas, 2007). That approach 
can be combined with system model decomposition such 
as PCs, in the Hybrid PCs approach, providing a set 
of subsystems that can track the continuous behavior, 
while adapting to mode changes thanks to the underly- 
ing hybrid bond-graph modeling (Bregon, Alonso, et ah, 
2012). These HBG based approaches avoid enumeration 
of modes, but are still linked to one kind of diagnosis 
algorithm. 

Summarizing a main difference between HyDE and the 
mentioned approaches is that all of them are linked to 
one (or at most two modeling paradigms), and integrates 


one diagnosis algorithm. 

An implicit assumption in the integration of HyDE and 
PCs, due to the potential presence of output sensors as 
input in the subsystems defined by PCs is that sensor 
noise should not be too high. This is an issue with all 
model decomposition approaches, because the additional 
introduction of sensor noise as inputs. This fact provokes 
sometimes a delay in the detection time, needing a longer 
period to be sure that the difference in the residual is not 
related to noise. But this is a common problem in almost 
any approach to model-based diagnosis. 
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7. Conclusions 

In this paper we presented a method of combining HyDE 
and structural model decomposition that lets us improve 
the performance of HyDE under assumptions that sen- 
sor noise is not too high. The combined approach re- 
sults better diagnosis accuracy as well as reduced com- 
putational complexity. We demonstrated this on an 
electrical testbed at NASA Ames Research Center that 
has published nominal and faulty data sets as part of 
the Diagnostic Competition series. In future work we 
would like to apply this method to other systems, more 
datasets, and further characterize the improvement in 
performance. Of particular interest would be multiple 
fault and increased sensor noise scenarios. 
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